Labs
Lab 15-1
Analyze the sample found in the file Lab15-01.exe. This is a command-line program that takes an argument and prints “Good Job!” if the argument matches a secret code.
Questions
1. What anti-disassembly technique is used in this binary?
2. What rogue opcode is the disassembly tricked into disassembling?
3. How many times is this technique used?
4. What command-line argument will cause the program to print “Good Job!”?
Lab 15-2
Analyze the malware found in the file Lab15-02.exe. Correct all anti-disassembly countermeasures before analyzing the binary in order to answer the questions.
Questions
1. What URL is initially requested by the program?
2. How is the User-Agent generated?
3. What does the program look for in the page it initially ...
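Lab 15-2 asks you to correct the anti-disassembly countermeasures before analysis. The script below is an added example, not code from the book or from either lab binary: it scans a byte buffer for two textbook idioms of this chapter, a short `jmp` over a single byte and a pair of opposite conditional jumps (`jz`/`jnz`) to the same target, and overwrites the skipped "rogue" byte with a NOP so a linear-sweep disassembler recovers the real instruction stream. The `SAMPLE` bytes, the rogue byte values and the helper names are constructed for this demo; which idioms, rogue opcodes and offsets appear in the actual lab files is what the questions above ask you to find.

```python
"""
Patch two classic x86 anti-disassembly idioms so a linear-sweep
disassembler recovers the real instruction stream.

Both idioms hide a "rogue" byte behind a jump that the CPU never
executes but that a naive disassembler decodes as the start of a
multi-byte instruction, swallowing the real code that follows.
Replacing the rogue byte with NOP (0x90) is behaviour-preserving
because no execution path ever reaches it.

Idiom 1: unconditional short jump over one byte
    EB 01     jmp short $+3   (skips the next byte)
    XX        rogue byte (commonly E8/E9 so it absorbs 4 more bytes)
Idiom 2: opposite conditional jumps to the same target
    74 03     jz  $+5
    75 01     jnz $+3
    XX        rogue byte
    (or the same pair with 74/75 swapped)
"""
from typing import List, Tuple

NOP = 0x90

# Opcode -> total instruction length a linear sweep would assign if it
# starts decoding at the rogue byte (E8/E9: 5-byte call/jmp rel32, etc.).
# Constructed table for the demo; it covers common rogue choices only.
ROGUE_LENGTHS = {0xE8: 5, 0xE9: 5, 0xEB: 2, 0x05: 5, 0x3D: 5}


def find_rogue_bytes(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset_of_rogue_byte, idiom_name) for every pattern hit.

    This is a raw byte scan: it can also match inside immediates or
    other instructions, so confirm each hit lies on an instruction
    boundary in the disassembler before patching a real binary.
    """
    hits = []
    i, n = 0, len(code)
    while i < n:
        # jmp short +1 followed by the byte it skips
        if i + 2 < n and code[i] == 0xEB and code[i + 1] == 0x01:
            hits.append((i + 2, "jmp+1"))
            i += 3
            continue
        # jz/jnz (either order) with displacements 3 and 1 -> same target
        if (i + 4 < n and code[i + 1] == 0x03 and code[i + 3] == 0x01
                and {code[i], code[i + 2]} == {0x74, 0x75}):
            hits.append((i + 4, "jcc-pair"))
            i += 5
            continue
        i += 1
    return hits


def swallowed_bytes(code: bytes, off: int) -> int:
    """How many bytes of real code a linear sweep loses to the rogue byte."""
    return min(ROGUE_LENGTHS.get(code[off], 1), len(code) - off) - 1


def patch_rogue_bytes(code: bytes) -> Tuple[bytes, List[Tuple[int, str]]]:
    """Replace every detected rogue byte with NOP; return (patched, hits)."""
    buf = bytearray(code)
    hits = find_rogue_bytes(code)
    for off, _ in hits:
        buf[off] = NOP
    return bytes(buf), hits


# Constructed sample (not from a lab binary): both idioms, each followed
# by real instructions the rogue byte would otherwise swallow.
SAMPLE = bytes([
    0x33, 0xC0,         # xor eax, eax
    0xEB, 0x01,         # jmp short +1
    0xE8,               # rogue: decoded as a 5-byte CALL by a naive sweep
    0x8B, 0x45, 0x08,   # mov eax, [ebp+8]   (hidden inside the bogus CALL)
    0x74, 0x03,         # jz  +3  -> offset 13
    0x75, 0x01,         # jnz +1  -> offset 13
    0xE9,               # rogue: decoded as a 5-byte JMP by a naive sweep
    0x89, 0x45, 0xFC,   # mov [ebp-4], eax
    0xC3,               # ret
])

if __name__ == "__main__":
    patched, hits = patch_rogue_bytes(SAMPLE)
    for off, idiom in hits:
        print(f"{idiom:8s} rogue byte 0x{SAMPLE[off]:02X} at offset {off}, "
              f"would swallow {swallowed_bytes(SAMPLE, off)} real bytes")
    print("patched:", patched.hex(" "))
```

Once the offsets are confirmed, the same byte-level change is what you apply in the disassembler (patching the rogue byte to NOP) so that the listing and the cross-references reflect the code that actually executes.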